Did you see the big article on the front page of the Observer newspaper yesterday (4 March 2012) about the blacklisting that had been going on in the construction industry over three decades? They believe that lots of the data had come from the police and security services, which of course is topical at the moment because of the Leveson inquiry into phone hacking.
This story about the construction industry first broke into the public domain about three years ago. Why is it relevant to aDaVista and the Data Protection Act 1998? Well, it demonstrates the work of the Information Commissioner’s Office (ICO). Bear with me while I explain the “case” and its relevance...
(Information taken from the Observer article and my memory of the case!). Workers in the construction industry had heard rumours for years that a “blacklist” existed. This blacklist could prevent people getting work based on membership of trade unions and being perceived as “troublesome”. Following a case taken to an Employment Tribunal four years ago, the ICO investigated and discovered the existence of a blacklist on a database held by the “Consulting Association” together with invoices from some of the UK’s biggest construction companies for employment checks.
More civil cases through the tribunal system have followed and the latest has spurred the Observer article... especially as a representative from the ICO gave evidence that some of the data had come from the police and/or security services. People often ask me how you can tell if there is other information that has not been provided by a company – if you work with personal data long enough then you can tell whether relevant information has been omitted or indeed where that data may have come from!
PENALTIES
The ICO closed down the offices and fined Ian Kerr (the keeper of the data) £5,000. What the Observer do not say is that this is the maximum civil penalty that the ICO can impose and they do not do this without significant evidence of damage to the individuals concerned. The Article states “...only 14 of Kerr’s clients were given enforcement notices, demanding they comply with the law. In the three years since the blacklist was first revealed, only three people are understood to have successfully won a claim at a full employment tribunal.
The vast majority of those who have attempted to gain redress through the courts have failed” – Personally, this does not surprise me in the slightest! Damages of this sort are particularly difficult to prove in legal terms as companies can easily state that there were other reasons for not employing someone! Interestingly, no one seems to have been advised by lawyers to pursue damages under the terms of the Data Protection Act 1998. Given that the ICO had enough solid evidence to close down the company and hand down the maximum penalty it could at the time, surely the evidence must exist to prove distress and damages to the personal data of the 3,200 individuals affected? Still this is only my personal opinion...
We should now watch these cases with interest - precedents could easily be set that may help you in the future...
No comments:
Post a Comment